Syslog monitor addon beta

[cigamit]

Great plug-in and I believe this is exactly what I've been looking for in viewing syslog log files.

I've installed the plugin and database and believe that they are both working fine. I'm using FreeBSD with Rsyslogd, which stores syslog messages natively to a MySQL database I have that's on the same server.

Now I've been reading up on this plug-in but I'm still not 100% sure I know how it works. Is it going to pull data from my current syslog server and display that? Currently I have my Rsyslogd setup to log messages to MySQL, with a template setup pointing to what database/table/etc I want it stored in. Will I be using a new database to house these messages and not need my current syslog server?

Any help would be appreciated. Thanks.

The plugin doesn't pull anything. Its just a viewer (and alerter). Your syslog server must stick its own entries into the database. Most syslog clients don't do this out of the box, syslog-ng or msyslog are both fairly easy to setup to get this done though.

[goosed]

Thanks for the info cigamit. With that I've decided to move to Syslog-NG for my purposes.

However I am having trouble getting it to run. I've followed a setup guide from here but cannot get Syslog to output anything.

I have declared my source net and created the fifo pipe, but when I cat the pipe or tail /var/log/messages I have nothing. Any ideas? Thanks again.

[goosed]

It magically started working. Not sure how, but I'm getting stuff through the pipe and into my database. So far so good.

[goosed]

Don't mean to be a pain but I checked this morning and logs are no longer going into my database. I remade the pipe and restarted Syslog, but nothing. When I cat the pipe I can see tons of stuff going through it.

[cigamit]

Don't mean to be a pain but I checked this morning and logs are no longer going into my database. I remade the pipe and restarted Syslog, but nothing. When I cat the pipe I can see tons of stuff going through it.

Is your script still running to move the data from the fifo to the mysql table? For instance here is mine. I have set /etc/init.d/syslog-ng to start the script before starting the syslog daemon, and to kill it when exitting. So now if happen to start or stop the syslog service, the extra script is also up and running.

Code: Select all

#!/bin/bash
if [ ! -e /tmp/mysql.pipe ]; then
	mkfifo /tmp/mysql.pipe
fi  

while [ -e /tmp/mysql.pipe ]
do
	mysql -u cactiuser --password=cactiuser syslog < /tmp/mysql.pipe
done

[airwalk]

Guys, you rock! Keep up the good work!

The only things I eager to see in Haloe are a simple implementation of regex and alerting capability.

And a small tip for those who use mysql on non-standard port. In order to run Haloe you would need to set port manually for the function db_connect_real in lib/database.php like this:

" db_connect_real($host,$user,$pass,$db_name,$db_type, $port = "3307", $retries = 20) "

[goosed]

Hey cigamit thanks for the reply. I actually reverted back to Rsyslog after doing some reading and was successfully able to get that to filter into my MySQL database. I figured that the pipe was probably dying and couldn't bare trying to fix it again. It looks like it's working well now. I've gotten the alerts and removals working so hopefully everything will stay the way it is. Thanks again.

[cigamit]

Guys, you rock! Keep up the good work!

The only things I eager to see in Haloe are a simple implementation of regex and alerting capability.

And a small tip for those who use mysql on non-standard port. In order to run Haloe you would need to set port manually for the function db_connect_real in lib/database.php like this:

" db_connect_real($host,$user,$pass,$db_name,$db_type, $port = "3307", $retries = 20) "

Hum.. I will add an option for the port. Also, there already are alerting capabilities in Haloe (well my "version" at least). What do you want done with regex?

[airwalk]

When (or where) could we get this "my version"? =)

As of regex it would be great to implement basic regex metacharacters for "Search 'Message' text:". For example, it's often when we need to search for an entries which has text "aaa" and text "bbb" somewhere in the record.

[cigamit]

When (or where) could we get this "my version"? =)

It was posted here in the forums, but the newest of course if always available on my website with all the others.

As of regex it would be great to implement basic regex metacharacters for "Search 'Message' text:". For example, it's often when we need to search for an entries which has text "aaa" and text "bbb" somewhere in the record.

Ya, I noticed that this doesn't work as well as expected, and I will fix that in the next version. I also don't particularly like a lot of the characters it strips out of the search, so I will probably place those back in.

[airwalk]

I suppose there's a kind of bug/misbehavior. If you've got a misconfiguration with your e-mail options and email function doesn't execute correctly then the actual messages doesn't transfer from incoming_syslog to syslog. Only the status changes from "0".

Besides, if I set an alert and click on "save" i receive "the page cannot be displayed". Though If I refresh the page everything goes fine and I see an alert as created.

I use IIS6 with normal CGI and Zend.

I doubt maybe it's a web server problem?

[mpb]

am posting this issue here, not to create a new thread.

i installed haloe 0.4 on cacti 0.86i with freebsd and it works ok so far - ie i can view logs that are located in syslog, which would have been transfered from syslog_incoming.

however when i select a 'preset' time range it doesnt seem to work, and always goes back to the default 'half hour' regardless of which option i use.

anyone seen this ?


thanks

[qwertz]

hello,

I am trying to install haloe 0.4

I can see the logs populating the database but the problem is i don't see theses logs through cacti

Everything seems to work and in the haloe folder, i only changed the database settings in config.php file

I can see someting only after i enter manually the command below:
root@ubuntu:/usr/share/cacti/site/plugins# php5 -q /usr/share/cacti/site/plugins/haloe/syslog_process.php /debug
Deleted 0 old Messages (older than 30 days)
Unique ID = 45
Found 10 new Messages to process
Found 0 Removal Rules to process
Found 0 Alert Rules to process
Moved 10 Messages to the 'syslog' table
Deleted 10 already processed Messages from incoming

In fact, the data inside the syslog_incoming table is not transferred automatically to the syslog table.

Will i be forced to add a cron job to run the syslog_process.php file?

can you help me?
Thanks

Qwertz

[cigamit]

In fact, the data inside the syslog_incoming table is not transferred automatically to the syslog table.

The plugin uses a hook in the bottom of poller.php in order to do all the automatic work. Make sure you have overridden the files that came with the plugin architecture with any other add-ons (for instance 1 minute polling)

[qwertz]

Thank you very much for your help.

in the bottom of the poller.php file, i have :

do_hook("poller_bottom");

Is it normal?

i have cacti 0.8.6h, this is perhaps why i have the problem. it was working with cacti 0.8.6g

REgards

QWertz